Review #1_Information Gathering with DNSenum

When I first saw Kali Linux, I didn't know much about penetration testing tools. I had only used the Metasploit framework to exploit some CVEs on virtual machines. A few days later, I took a penetration testing course and found out that Kali Linux has many more functions than msfconsole. So, I decided to read this book to learn more about Kali's pen-testing features and functions.

The first two chapters, named "Up and Running" and "Customizing", are simple steps for a person who has never used or installed Kali Linux. They were helpful when I needed to set up certain network services like SSH, FTP and Apache2. To customize the environment, the book shows how to install the kernel headers. I had never learned what kernel headers are for, but they define the interfaces between components of the kernel and user space, so they are needed to build kernel modules and drivers against the running kernel.

Chapter 3: Advanced Testing Lab

For hacking tools / penetration testing, the chapter sets up a "Turnkey Linux WordPress Virtual Machine" as the target and uses a tool named "WPScan". WPScan scans a WordPress installation and lets users find its vulnerabilities. To practice, we need a testbed: a target WordPress website and its IP or domain address.

Chapter 4: Information Gathering

To penetrate a target, we first need to know basic information about it. This step is also called footprinting and reconnaissance. The author emphasizes that documentation is just as important. There are passive and active techniques: passive footprinting / scanning collects public, general information and does not require interaction with the target, for example a Google search, the public information on the company's web page, or a job opening description. Active scanning requires interaction with the target server / system, for example ICMP scanning.
In this chapter, I learned enumeration tricks using DNSenum (a DNS enumeration tool) and SnmpEnum (an SNMP enumeration tool). For your information, DNS (Domain Name System) is a decentralized naming system for devices, which helps them connect to the Internet or a private network. By using DNS enumeration techniques, you can get the computer names, IP addresses and usernames of a target's network. I tried scanning a website with DNSenum, as you can see in the image below. There is a DNS zone transfer attempt at the bottom. For your information, a DNS zone transfer (AXFR) is used to copy zone data to other DNS servers, for example to secondary servers or as a backup of the DNS files in case of error. As you can see, I couldn't get any zone transfer information because the AXFR query failed: it was refused.
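The zone transfer step that dnsenum tries at the end of its run, as an added example that is not the author's code or the dnsenum project's: it builds the AXFR query in DNS wire format, parses the reply and reports either the REFUSED answer seen above or, when a server does answer, the host and address list the zone would hand to anyone who asks. The zone example.test., its records and both reply messages are constructed sample data; request_zone_transfer is a small TCP helper added here for checking an authoritative server you operate, and is not used by the offline sample.

```python
"""Build a DNS AXFR (zone transfer) query, parse the reply, classify the outcome.
Added example, not the book's or dnsenum's code.  The zone example.test., its
records and the two reply messages are constructed sample data."""
import socket
import struct

QTYPE_A, QTYPE_NS, QTYPE_CNAME, QTYPE_SOA, QTYPE_AXFR = 1, 2, 5, 6, 252
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """'www.example.test.' -> b'\\x03www\\x07example\\x04test\\x00' (RFC 1035 labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """12-byte header (flags 0: plain query) + one question for AXFR / IN."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, QCLASS_IN)


def decode_name(msg, offset):
    """Decode a possibly compressed name at msg[offset]; return (name, next_offset)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = offset + 2                       # caller resumes after the pointer
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_response(msg):
    """Return (rcode name, [(owner, type, value), ...]) from the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    rcode = RCODE_NAMES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    offset = 12
    for _ in range(qd):                                 # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    records = []
    for _ in range(an):
        owner, offset = decode_name(msg, offset)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in msg[offset:offset + 4])
        elif rtype in (QTYPE_NS, QTYPE_CNAME):
            value, _ = decode_name(msg, offset)
        elif rtype == QTYPE_SOA:                        # mname, rname, serial, ...
            mname, pos = decode_name(msg, offset)
            _rname, pos = decode_name(msg, pos)
            value = "%s serial=%d" % (mname, struct.unpack(">I", msg[pos:pos + 4])[0])
        else:
            value = msg[offset:offset + rdlen].hex()
        offset += rdlen
        records.append((owner, rtype, value))
    return rcode, records


def assess_transfer(msg):
    """Was AXFR refused?  If not, which host -> address pairs did the zone expose?"""
    rcode, records = parse_response(msg)
    hosts = {owner: value for owner, rtype, value in records if rtype == QTYPE_A}
    return {"rcode": rcode, "hosts": hosts,
            "transfer_allowed": rcode == "NOERROR" and bool(records)}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("nameserver closed the connection early")
        buf += chunk
    return buf


def request_zone_transfer(server, zone, timeout=5.0):
    """Send one AXFR over TCP (2-byte length prefix) and return the first reply.
    Needs network access; the constructed sample data below does not use it."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack(">H", len(query)) + query)
        length = struct.unpack(">H", _recv_exact(sock, 2))[0]
        return _recv_exact(sock, length)


# --- constructed sample replies -------------------------------------------
def _rr(owner, rtype, rdata, ttl=3600):
    return encode_name(owner) + struct.pack(">HHIH", rtype, QCLASS_IN, ttl, len(rdata)) + rdata


def _reply(flags, zone, answers, txid=0x1234):
    header = struct.pack(">HHHHHH", txid, flags, 1, len(answers), 0, 0)
    return header + encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, QCLASS_IN) + b"".join(answers)


ZONE = "example.test."
_SOA = (encode_name("ns1.example.test.") + encode_name("hostmaster.example.test.")
        + struct.pack(">IIIII", 2024010101, 7200, 900, 1209600, 300))
# Server that allows AXFR (QR+AA): the whole zone, bracketed by its SOA record.
OPEN_TRANSFER = _reply(0x8400, ZONE, [
    _rr(ZONE, QTYPE_SOA, _SOA),
    _rr(ZONE, QTYPE_NS, encode_name("ns1.example.test.")),
    _rr("ns1.example.test.", QTYPE_A, bytes([192, 0, 2, 53])),
    _rr("www.example.test.", QTYPE_A, bytes([192, 0, 2, 10])),
    _rr("intranet.example.test.", QTYPE_A, bytes([10, 0, 0, 5])),
    _rr(ZONE, QTYPE_SOA, _SOA),
])
# Server with a transfer ACL: RCODE 5 = REFUSED, empty answer section.
REFUSED_TRANSFER = _reply(0x8005, ZONE, [])

if __name__ == "__main__":
    for label, reply in (("open", OPEN_TRANSFER), ("refused", REFUSED_TRANSFER)):
        print(label, assess_transfer(reply))
```

A REFUSED answer, as in the scan above, is the expected result from a correctly configured authoritative server: zone transfers should be limited to the secondaries (for example with BIND's allow-transfer option), because an open AXFR gives away every name in the zone in one request, including internal hosts that were never meant to be discoverable.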

To determine the network range, the book uses dmitry (Deepmagic Information Gathering Tool). The option -wnspb includes a WHOIS lookup, which helps you find the registered domain owner and other information. I think drawing the target's network topology is important, but so is the actual IP address of the target. Because of CloudFlare's security function, it was hard for me to find the actual IP address. I tried to get it by pinging the MX server, using crimeflare and checking DNS information.

To identify active machines and open ports and to gather OS information about a target host, all you need to know is the nmap command (I remember this was also part of the CEH exam quiz): nmap -p [port number] for a port scan and nmap -O for OS detection.

Hacking another network or system is illegal and considered a crime. I am not responsible for what you do with this information. This blog is for educational purposes only.
